Date: Thu, 16 Sep 2010 16:11:55 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE-identifier request for Dovecot ACL security bug Please use CVE-2010-3304 Thanks. -- JB ----- "Henri Salo" <henri@...v.fi> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can I get CVE-identifier for this issue? > > "This release fixes a bug in ACL plugin, which could be considered a > security bug: If Maildir is used with default settings (INBOX is same > as Maildir root dir) and user set some ACLs to INBOX, those ACLs were > copied to all newly created mailboxes. This should have been done > only > for "default ACLs", but with Maildir the INBOX directory is the same > as > the default ACL directory, so this mixup happened. This bug exists > only > in v1.2.x releases." > > URL to announcement: > http://www.dovecot.org/list/dovecot-news/2010-July/000163.html > > Please note that this is different issue than: CVE-2010-0745 > > Best regards, > Henri Salo > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkySVTEACgkQXf6hBi6kbk9r9wCgs6z72LRTcywrsWIPtRiAR/R0 > fxcAoLQuYxA3NDFPsUiUhe7uTBm6c5xI > =nWSw > -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ